
Why drweb detects empty installers as malicious

4 replies to this topic

#1 davidsan

davidsan

    Newbie

  • Posters
  • 5 posts

Posted 05 June 2015 - 13:00

Hello,

We have noticed that the drweb virus guard detects even empty installers as malicious. We sent this file for analysis as a false positive and the reply said "This is not a false alarm".

Truth is, this is in fact a false alarm, because the file that has been sent for analysis contains nothing in it.

I have attached this example file herewith in a zip container; the password is "infected".

Please explain the reason for this nonsensical behaviour from the Dr. Web virus guard and false positive division.


Post edited by sergeyko: 05 June 2015 - 13:06


#2 sergeyko

sergeyko

    Guru

  • Dr.Web Staff
  • 3 925 posts

Posted 05 June 2015 - 13:07

The rules prohibit posting malicious and suspicious files onto the forum. 


Sergey Komarov
R&D www.drweb.com

#3 davidsan

davidsan

    Newbie

  • Posters
  • 5 posts

Posted 07 June 2015 - 13:22

The file that was attached is not malicious. We need to know why DRWEB detects even empty installers as malicious and fails to whitelist them upon analysis.



#4 davidsan

davidsan

    Newbie

  • Posters
  • 5 posts

Posted 08 June 2015 - 16:21

Hi,

I am surprised by Drweb's analysis results because inside this exe there is nothing. The exact code inside this application is:

 

................

 

MessageBox MB_OK "Hello!!!" 
SectionEnd
[6/4/2015 9:36:32 PM] ******* ********: Section main
    MessageBox MB_OK "Hello!!!" 

SectionEnd

 

.................

 

Tell me how this snippet of code would be flagged as malicious. This is unfair.


Post edited by VVS: 05 August 2015 - 21:17
Name deleted


#5 davidsan

davidsan

    Newbie

  • Posters
  • 5 posts

Posted 09 August 2015 - 19:51

Hello.
I checked your website for information regarding the “hoaxes / jokes” category but wasn’t able to find it. I found the “Hoaxes” category, but the description of the category doesn’t comply with Trojan.Click3.12361, which you’ve given to our application.
Could you please clarify the fact that all our applications receive your detection as malicious regardless of their content? I just think that it is a bit unfair and inappropriate to put empty installers and real ones in one row and detect them as malicious.
Could you please explain to me in a clear way the algorithm of your actions on detection of malicious software?
Thank you.


